Lucene search
K

1464 matches found

Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.4 views

CVE-2026-1821 Microtango <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mtreservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/03 11:15 a.m.4 views

CVE-2025-67855

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...

6.1CVSS6.1AI score0.00333EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/03 10:52 a.m.6 views

EUVD-2025-206749

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...

5.4CVSS5.8AI score0.00333EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6225

Name of the Vulnerable Software and Affected Versions Crocoblock JetElements For Elementor versions through 2.7.12.2 Description A flaw exists in Crocoblock JetElements For Elementor that allows for DOM-Based Cross-site Scripting XSS. This issue arises from improper input neutralization during we...

6.5CVSS5.4AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.3 views

PT-2026-5749

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue stems from insufficient...

6.1CVSS5.1AI score0.00283EPSS
Exploits1References9
OSV
OSV
added 2026/01/29 6:16 p.m.4 views

UBUNTU-CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

5.4CVSS5.9AI score0.002EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/01/28 1:28 a.m.4 views

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

6.1CVSS5.5AI score0.00158EPSS
Exploits0
EUVD
EUVD
added 2026/01/21 12:31 a.m.6 views

EUVD-2025-206306

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

5.7CVSS5.4AI score0.0055EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : python27:2.7 (AXSA:2022-3551:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3551:01 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 python: ftplib should not use the host from the PASV response...

8.2CVSS7.4AI score0.11586EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.7 views

PT-2026-3476

Name of the Vulnerable Software and Affected Versions HotCRP version 3.1 Description HotCRP is conference review software. A flaw introduced in April 2024 in version 3.1 allows users to trigger the execution of arbitrary PHP code due to inadequately sanitized code generation for HotCRP formulas...

9.9CVSS6.4AI score0.00392EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/01/16 7:23 a.m.3 views

CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS5.3AI score0.00172EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : gnupg2-2.0.14-9.AXS4 (AXSA:2018-3257:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3257:01 advisory. gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification CVE-2018-12020 Tenable has...

7.5CVSS7.2AI score0.08654EPSS
Exploits0References2
OSV
OSV
added 2026/01/15 2:51 p.m.11 views

USN-7964-1 git vulnerabilities

It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. CVE-2024-50349 It was discovered that Git did not properly handle carriage return characters in it...

7.5CVSS6.8AI score0.01019EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/15 12:0 a.m.5 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

7.7AI score0.0024EPSS
Exploits0References2
OSV
OSV
added 2026/01/14 4:41 a.m.4 views

USN-7958-1 angular.js vulnerabilities

It was discovered that AngularJS did not properly sanitize certain xlink:href attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. CVE-2019-14863 It was discovered that AngularJS incorrectly handled certain regular...

7.5CVSS6.4AI score0.04658EPSS
Exploits7References11
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2926

Name of the Vulnerable Software and Affected Versions html2pdf.js versions prior to 0.14.0 Description html2pdf.js converts webpages or elements into printable PDFs client-side. When provided with a text source instead of an element, versions prior to 0.14.0 do not sufficiently sanitize the text...

8.7CVSS6.5AI score0.00324EPSS
Exploits1References14
PyPA
PyPA
added 2026/01/12 5:15 p.m.11 views

PYSEC-2026-90

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

9.1CVSS5.9AI score0.19213EPSS
Exploits2References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.13 views

CVE-2023-4820

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin...

5.4CVSS6.5AI score0.00403EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.12 views

CVE-2020-7602

node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...

9.8CVSS7AI score0.02534EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.8 views

WordPress plugin Brevo for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS5.8AI score0.00255EPSS
Exploits1References8
Rows per page
Query Builder